Is it what you should expect from unbound in full resolver mode?

A Former User

No forwarding, no TLS, no DNS server in general setup. pfblockerng in python mode.
When I try the diagnostic/DNS lookup tool for say, www.ford.com,, the first uncached response in often around 100ms. The second (cached) is near 0).
I'm not impressed.
Should I?

edit: Ok, I changed the settings "DNS Resolution Behavior" back to default. Let's see if it improves things a bit.

NollipfSense

@marchand-guy said in Is it what you should expect from unbound in full resolver mode?:

no DNS server in general setup.

So, what you have here?

johnpoz

@marchand-guy not impressed with what.. That you resolved from roots in 100 ms ford.com..

That is actually pretty good.. But keep in mind that was from a standing start.. Going forward you don't have to ask roots for the .com NSes, and looking up anything from ford.com any more you don't have to ask the gltd servers for NS for ford.com.

What did you think it was going to be? Shoot asking google.com takes

Asking the ford NS directly is faster ;)

;; QUESTION SECTION:
;ford.com.                      IN      A

;; ANSWER SECTION:
ford.com.               1800    IN      A       19.12.113.37
ford.com.               1800    IN      A       19.12.97.37

;; Query time: 12 msec
;; SERVER: 19.12.97.134#53(19.12.97.134)

And I get the full ttl, not whatever is left in the cache that is going to make me query yet again sooner..

;; QUESTION SECTION:
;ford.com.                      IN      A

;; ANSWER SECTION:
ford.com.               332     IN      A       19.12.113.37
ford.com.               332     IN      A       19.12.97.37

;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)

if your worried about a few ms here or there when doing dns - you need to do some research how dns is designed to work, you going to notice 0.1 second - really??

Keep in mind again that resolve time is from standing still all the way down from roots.. Turn prefetch on, turn serve 0 on.. Who cares how long it takes to resolve from stand still..

A Former User

@NollipfSense I changed the settings "DNS Resolution Behavior" back to default. It was Use local DNS 127.0.0.1, Ignore remote.

johnpoz

@marchand-guy said in Is it what you should expect from unbound in full resolver mode?:

Use local DNS 127.0.0.1, Ignore remote.

That really should be default if you ask me.. I am resolving I don't want to ever forward to anything.. Not some dhcp server I got from dhcp, etc.

A Former User

@johnpoz That's what I thought. Trying to gauge my performance under full resolver vs forwarding. You seem to thinks it's ok from stand still.
Which is comforting.
Thank you.

A Former User

@johnpoz said in Is it what you should expect from unbound in full resolver mode?:

Turn prefetch on, turn serve 0 on

Already did.
I selected:
Prefetch Support
Prefetch DNS Key Support
Harden DNSSEC Data
Serve Expired
Aggressive NSEC

Maybe that's too much?

johnpoz

@marchand-guy too much? No..